Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): Microsoft
- Search Type: Search Last 3 Months
- CPE Name Search: false
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2025-21408 |
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability Published: February 06, 2025; 6:15:09 PM -0500 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0:(not available) |
CVE-2025-21404 |
Microsoft Edge (Chromium-based) Spoofing Vulnerability Published: February 06, 2025; 6:15:09 PM -0500 |
V4.0:(not available) V3.1: 4.3 MEDIUM V2.0:(not available) |
CVE-2025-21342 |
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability Published: February 06, 2025; 6:15:09 PM -0500 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0:(not available) |
CVE-2025-21283 |
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability Published: February 06, 2025; 6:15:09 PM -0500 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0:(not available) |
CVE-2025-21279 |
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability Published: February 06, 2025; 6:15:09 PM -0500 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0:(not available) |
CVE-2025-21267 |
Microsoft Edge (Chromium-based) Spoofing Vulnerability Published: February 06, 2025; 6:15:08 PM -0500 |
V4.0:(not available) V3.1: 4.4 MEDIUM V2.0:(not available) |
CVE-2025-21253 |
Microsoft Edge for IOS and Android Spoofing Vulnerability Published: February 06, 2025; 6:15:08 PM -0500 |
V4.0:(not available) V3.1: 5.3 MEDIUM V2.0:(not available) |
CVE-2025-21177 |
Server-Side Request Forgery (SSRF) in Microsoft Dynamics 365 Sales allows an authorized attacker to elevate privileges over a network. Published: February 06, 2025; 6:15:08 PM -0500 |
V4.0:(not available) V3.1: 8.7 HIGH V2.0:(not available) |
CVE-2025-0994 |
Trimble Cityworks versions prior to 15.8.9 and Cityworks with office companion versions prior to 23.10 are vulnerable to a deserialization vulnerability. This could allow an authenticated user to perform a remote code execution attack against a customer’s Microsoft Internet Information Services (IIS) web server. Published: February 06, 2025; 11:15:41 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2025-21396 |
Missing authorization in Microsoft Account allows an unauthorized attacker to elevate privileges over a network. Published: January 29, 2025; 6:15:32 PM -0500 |
V4.0:(not available) V3.1: 8.2 HIGH V2.0:(not available) |
CVE-2025-21262 |
User Interface (UI) Misrepresentation of Critical Information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network Published: January 24, 2025; 5:15:38 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2025-24034 |
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Starting in version 0.7.0 and prior to versions 0.7.15 and 0.8.3, Himmelblau is vulnerable to leaking credentials in debug logs. When debug logging is enabled, user access tokens are inadvertently logged, potentially exposing sensitive authentication data. Similarly, Kerberos Ticket-Granting Tickets (TGTs) are logged when debug logging is enabled. Both issues pose a risk of exposing sensitive credentials, particularly in environments where debug logging is enabled. Himmelblau versions 0.7.15 and 0.8.3 contain a patch that fixes both issues. Some workarounds are available for users who are unable to upgrade. For the **logon compliance script issue**, disable the `logon_script` option in `/etc/himmelblau/himmelblau.conf`, and avoid using the `-d` flag when starting the `himmelblaud` daemon. For the Kerberos CCache issue, one may disable debug logging globally by setting the `debug` option in `/etc/himmelblau/himmelblau.conf` to `false` and avoiding the `-d` parameter when starting `himmelblaud`. Published: January 23, 2025; 1:15:33 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2025-21399 |
Microsoft Edge (Chromium-based) Update Elevation of Privilege Vulnerability Published: January 17, 2025; 3:15:46 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2025-21185 |
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability Published: January 17, 2025; 3:15:30 PM -0500 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0:(not available) |
CVE-2025-21402 |
Microsoft Office OneNote Remote Code Execution Vulnerability Published: January 14, 2025; 1:16:04 PM -0500 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0:(not available) |
CVE-2025-21395 |
Microsoft Access Remote Code Execution Vulnerability Published: January 14, 2025; 1:16:04 PM -0500 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0:(not available) |
CVE-2025-21393 |
Microsoft SharePoint Server Spoofing Vulnerability Published: January 14, 2025; 1:16:03 PM -0500 |
V4.0:(not available) V3.1: 6.3 MEDIUM V2.0:(not available) |
CVE-2025-21372 |
Microsoft Brokering File System Elevation of Privilege Vulnerability Published: January 14, 2025; 1:16:02 PM -0500 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0:(not available) |
CVE-2025-21366 |
Microsoft Access Remote Code Execution Vulnerability Published: January 14, 2025; 1:16:02 PM -0500 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0:(not available) |
CVE-2025-21365 |
Microsoft Office Remote Code Execution Vulnerability Published: January 14, 2025; 1:16:02 PM -0500 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0:(not available) |